Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
AI browser extensions are 60% more likely to have security vulnerabilities than average extensions — and 99% of enterprise users have at least one installed.
What’s new: A report from LayerX highlights the security risks associated with AI browser extensions, noting that they are 60% more likely to have vulnerabilities than average extensions. These extensions can access sensitive data without triggering traditional security controls, creating a significant blind spot for organizations. Approximately 99% of enterprise users have at least one browser extension, with many using AI extensions that can change permissions over time, increasing their risk profile.
Who’s affected
All organizations utilizing browser extensions, particularly those with employees using AI extensions, are at risk. The report indicates that over a quarter of enterprise users have more than 10 extensions installed, leading to potential exposure of sensitive data and user sessions.
What to do
- Conduct a comprehensive audit of all browser extensions in use across the organization to identify risks.
- Implement stricter governance policies for AI extensions due to their elevated permissions and potential to expose sensitive data.
- Continuously monitor extension behavior and permissions, rather than relying solely on static approvals.
- Establish minimum trust criteria for extensions, focusing on installation counts, privacy policies, and maintenance history.
